Implementation of the policies and processes
The easiest way to implement the standard chapters is to assign responsibilities to persons or groups. This could look something like the following table:
| Chapters of VdS 10000 | Responsibility for implementation |
|---|---|
| 4. Organisation of information security | Management |
| 5. Information security policy | Management, ISO/ISB |
| 6. Information security guidelines | ISO/ISB, IT-Officer |
| 7. Employees | Management, Human resources |
| 8. Knowledge | ISO/ISB, IT-Officer |
| 9. Identifying critical IT systems | ISO/ISB, IT-Team |
| 10. IT systems | IT-Officer |
| 11. Networks and connections | IT-Officer |
| 12. Mobile data carriers | IT-Officer |
| 13. Environment | IT-Officer |
| 14. IT outsourcing and cloud computing | IT-Officer |
| 15. Physical access and access rights | IT-Officer |
| 16. Data backup and archiving | IT-Officer |
| 17. Faults and failures | ISO/ISB, IT-Officer |
| 18. Security incidents | ISO/ISB, IT-Officer |
| Appendix A | Management, ISO/ISB, Quality management officer |
Changes in operations should always be communicated clearly to all staff, for example via company emails, so that they are able to comply. Continuous improvement should be the goal, and each resulting change should be communicated in the same way. Listen to employees and involve them, to avoid a complex and unacceptable pile of rules and regulations that would lead to uncertainty and ineffectiveness in the workplace. You can find tips on simple systems or procedures in the respective document templates.